Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

6 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 6 most recent headlines Filtered view

3 Major Tech Firms Shipped Vulnerable Open-Source Tools to Hugging FaceResearchers discovered remote code execution vulnerabilities in three AI libraries from Apple, Salesforce and Nvidia used by models with tens of millions of Hugging Face downloads, allowing attackers to hide malicious code in model metadata.

Bank Info Security 1 year, 6 months ago

Nuclei Patches High Severity Flaw in Security Tool

Flaw Enabled Signature Bypassing on Nuclei ProjectDiscoveryOpen-source vulnerability scanner Nuclei patched a critical flaw in its open-source vulnerability management tool ProjectDiscovery. Security firm Wiz uncovered the flaw, a signature verification system flaw that could allow attackers to execute malicious code using custom code templates.

Flaws in Fuji's Tellus and V-Server Software Pose Risks to Critical InfrastructureSecurity researchers have uncovered 16 zero-day vulnerabilities in Japanese equipment manufacturer Fuji Electric's Tellus and V-Server remote monitoring software that enable attackers to execute malicious code in devices commonly used by utilities and other critical infrastructure providers.

Bank Info Security 1 year, 9 months ago

Rockwell Automation PLC Software Contains RCE Flaw

Attackers Could Shut Down Operations Or Cause Physical DamageA severe vulnerability in Rockwell Automation software used to configure programmable logic controllers could allow attackers to remotely execute malicious code. The vulnerability is rated 8.8 on the CVSS v4 scale. The U.S. Cybersecurity and Infrastructure Security Agency advised immediate patching.

Bank Info Security 1 year, 10 months ago

CloudImposer RCE Vulnerability Targets Google Cloud Platform

Attackers Could Exploit Flaw to Run Malicious Code on Google' s, Customers' ServersGoogle patched a critical remote execution vulnerability in its cloud platform Cloud Composer service, "CloudImposer," which could have allowed attackers to compromise millions of servers, say researchers from Tenable. The CloudImposer vulnerability could lead to the Jenga Tower effect.

Bank Info Security 2 years, 2 months ago

Critical Flaw in R Language Poses Supply Chain Risk

Deserialization Vulnerability Allows for Remote Code ExecutionA high-risk flaw in R statistics programming language could lead to a supply chain hack, warn security researchers who say they uncovered a deserialization flaw. Security researchers have long known that hackers sneak malicious code into serialized data.